Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2022-24651 | Unrestricted Upload of File with Dangerous Type vulnerability in Sentcms 4.0.0 sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. | 9.8 |
| 2022-03-10 | CVE-2022-24652 | Unrestricted Upload of File with Dangerous Type vulnerability in Sentcms 4.0.0 sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. | 9.8 |
| 2022-03-10 | CVE-2021-43970 | Unrestricted Upload of File with Dangerous Type vulnerability in Quicklert 10.0.0 An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. | 8.8 |
| 2022-03-07 | CVE-2021-24216 | Unrestricted Upload of File with Dangerous Type vulnerability in Servmask One-Stop WP Migration 7.39/7.40 The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations. | 7.2 |
| 2022-03-07 | CVE-2021-24960 | Unrestricted Upload of File with Dangerous Type vulnerability in Iptanus Wordpress File Upload and Wordpress File Upload PRO The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks | 5.4 |
| 2022-03-02 | CVE-2022-25115 | Unrestricted Upload of File with Dangerous Type vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0 A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. | 7.8 |
| 2022-03-02 | CVE-2022-25016 | Unrestricted Upload of File with Dangerous Type vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0 Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. | 9.8 |
| 2022-03-01 | CVE-2022-24251 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. | 8.8 |
| 2022-03-01 | CVE-2022-24252 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. | 8.8 |
| 2022-03-01 | CVE-2022-24253 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | 8.8 |